Solved unbound log file

fernandel

Hi!

I am using local_unbound from base OS and DNS over TLS works. I tried to set up a logfile and it shows okay, but there isn't anything in it.
In unbound.conf I have:
Code:
# This file was generated by local-unbound-setup.
# Modifications will be overwritten.
server:
    username: unbound
    directory: /var/unbound
    chroot: /var/unbound
    pidfile: /var/run/local_unbound.pid
    auto-trust-anchor-file: /var/unbound/root.key
    logfile: /var/log/unbound.log
    log-queries: yes
include: /var/unbound/forward.conf
include: /var/unbound/lan-zones.conf
include: /var/unbound/control.conf
include: /var/unbound/conf.d/*.conf
I added just two lines related to log.
And local-unbound-checkconf shows that there are no errors in /var/unbound/unbound.conf.

Thank you.
 

KBK

Hello there
What about unbound log file ownership? In FreeBSD it is set to unbound:wheel
Then the verbosity, 1 to 5:
Code:
verbosity: 1
# logfile
logfile: /var/unbound/unbound.log
# Optional: timestamp UTC ascii
log-time-ascii: yes
# Optional: debug only, more log info but server slower
log-queries: yes
# Unbound sends log messages to syslogd, default: yes; NO to log
use-syslog: no

Maybe chroot is not really necessary.
 

Alexander Huemeyer

The logfile-path has to be in the chroot. In your case: /var/unbound/unbound.log
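
The checks suggested in the replies above (an explicit use-syslog, a logfile inside the chroot, ownership by the username: account), as an added shell example that is not part of any post in this thread. The function names conf_get and check_unbound_log are hypothetical, and include: files are not followed.

```shell
#!/bin/sh
# Added example (not from the thread): audit the logging directives of an
# unbound.conf. Includes are not followed; the last occurrence of a key wins.

# conf_get FILE KEY: print the value of "KEY:", comments and quotes stripped.
conf_get() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"//' -e 's/"$//' | tail -n 1
}

# check_unbound_log FILE: print one line per finding, return 1 if any.
check_unbound_log() {
    conf=$1 rc=0
    chroot=$(conf_get "$conf" chroot); chroot=${chroot%/}
    logfile=$(conf_get "$conf" logfile)
    user=$(conf_get "$conf" username)

    if [ -z "$logfile" ]; then
        echo "no logfile: directive set"; return 1
    fi
    # An explicit use-syslog: yes sends messages to syslogd, not the file.
    if [ "$(conf_get "$conf" use-syslog)" = "yes" ]; then
        echo "use-syslog is yes: logfile $logfile is not used"; rc=1
    fi
    # chroot: "" disables the chroot, so only test a non-empty value.
    if [ -n "$chroot" ]; then
        case $logfile in
            "$chroot"/*) ;;
            *) echo "logfile $logfile is outside chroot $chroot"; rc=1 ;;
        esac
    fi
    # The daemon runs as username:, so compare that account with the owner
    # of the log file when the file already exists.
    if [ -n "$user" ] && [ -e "$logfile" ]; then
        owner=$(ls -ld "$logfile" | awk '{print $3}')
        [ "$owner" = "$user" ] ||
            { echo "logfile owned by $owner, not $user"; rc=1; }
    fi
    return $rc
}

# Stand-alone use: sh check.sh /usr/local/etc/unbound/unbound.conf
if [ $# -gt 0 ]; then check_unbound_log "$1"; fi
```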
 
fernandel

I switched to the dns/unbound port and I have the same problem.
Code:
logfile: /usr/local/etc/unbound/log/unbound.log
  log-time-ascii: yes
  log-queries: yes
  val-log-level: 2
Code:
chroot: /usr/local/etc/unbound
I made the directory "log" and made unboud.log with touch.

But nothing...empty.
 
fernandel

I have something more.
In /etc/passwd I have:
Code:
unbound:*:59:59:Unbound DNS Resolver:/var/unbound:/usr/sbin/nologin[/
[CODE]unbound:*:59:
I do not know if it was there by default or if local_unbound, which I did use, wrote it in.
I am now using "unbound" from ports and /usr/local/etc/unbound

Thank you.
 

chrbr

Dear fernandel,
please find below my working config serving the normal system plus a jail at 10.0.0.x as an example.
It configures the version available in ports and as pkg. I have the package installed.
Code:
server:
    logfile: "/var/log/unbound.log"
    auto-trust-anchor-file: "/var/unbound/root.key"
    verbosity: 0
    log-queries: yes
    log-replies: yes
    log-tag-queryreply: yes
    log-local-actions: yes
    log-servfail: yes
    chroot: ""

    pidfile: "/var/run/unbound.pid"

    port: 53    # port to answer queries from
    do-ip4: yes    # Enable IPv4, "yes" or "no".
    do-ip6: no    # Enable IPv6, "yes" or "no".
    do-udp: yes    # Enable UDP, "yes" or "no".
    do-tcp: yes

    rrset-roundrobin: yes
    minimal-responses: no
    cache-min-ttl: 60
    prefetch: no
    prefetch-key: no
    num-threads: 1  # 1 is enough for not heavy loaded server
    use-syslog: yes
    log-time-ascii: yes

    interface: 10.0.0.1
    interface: 127.0.0.1
    access-control: 10.0.0.0/8 allow
    access-control: 127.0.0.0/24 allow

include: /var/unbound/local-void.zones
There is no local_something in the lines. I use syslog. The include files I have really exist. You have lots of them. The entry in the password file about unbound is the same as the first line in your last post up to the bracket.
 
fernandel

Did you edit a syslog.conf, please?
 

Lamia

Code:
include: /var/unbound/control.conf
I don't comprehend the problem. But I can suggest a hint.
Local_unbound doesn't work well with the above. You need to run the local_unbound_setup or so in order to generate the key-pair for the control setup and that throws an error.

You can do away with the control or comment it out. By the way, the conf should contain info about the secret keys. I'm not sure I'm seeing them in your conf.

The Unbound in the ports works well with the control feature. And you can use the forward-zone (if my memory serves me right) to route dns traffic to PowerDNS/DNSDIST and DNSCRYPT. Unbound can also be linked to NSD for private domains.
 
fernandel

Dear fernandel,

yes. Sorry that I forgot to add those two lines related to unbound as
Code:
!unbound
*.*                                             /var/log/unbound.log
Yes, I did but I went to my first unbound.conf and it works:
Code:
...
directory: /usr/local/etc/unbound
chroot: /usr/local/etc/unbound
logfile: /usr/local/etc/unbound/unbound.log
...
 